guloader | 22038abe5b99a566ae05f31d2781c49af9a2554f66fed7e51d8faa69aa4e72d9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

22038abe5b99a566ae05f31d2781c49af9a2554f66fed7e51d8faa69aa4e72d9
Size

489KB
Sample

230509-m832gafe32
MD5

5e3ab6663bb65effaf3086d3b03ad412
SHA1

2edb6321b36d8851d55c856cdbe61c1c8ed2ff41
SHA256

22038abe5b99a566ae05f31d2781c49af9a2554f66fed7e51d8faa69aa4e72d9
SHA512

6a2d46d76d9132bc8a095121ad5e8e87217da3e520470d7678cf88c3ecb69b63878cb56b1188e43da099e9e95f4e9fee14112657cc407a642a9bf9e80c53ef33
SSDEEP

12288:kbbtRZP7FcZCSIcz0w+D8qtRDrrhCJgkcQ8KYMY:kb5fP5cZCSI00wfqtVygDF

Score

10^/10

guloader downloader

Malware Config

Targets

- Target
  
  22038abe5b99a566ae05f31d2781c49af9a2554f66fed7e51d8faa69aa4e72d9
- Size
  
  489KB
- MD5
  
  5e3ab6663bb65effaf3086d3b03ad412
- SHA1
  
  2edb6321b36d8851d55c856cdbe61c1c8ed2ff41
- SHA256
  
  22038abe5b99a566ae05f31d2781c49af9a2554f66fed7e51d8faa69aa4e72d9
- SHA512
  
  6a2d46d76d9132bc8a095121ad5e8e87217da3e520470d7678cf88c3ecb69b63878cb56b1188e43da099e9e95f4e9fee14112657cc407a642a9bf9e80c53ef33
- SSDEEP
  
  12288:kbbtRZP7FcZCSIcz0w+D8qtRDrrhCJgkcQ8KYMY:kb5fP5cZCSI00wfqtVygDF
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdownloader

behavioral2

guloaderdownloader